Update Flask API sample

Author: alexisluque

00-Starter-Seed/.gitignore

@@ -1 +1,3 @@
-.env
+.env
+*.iml
+.idea

00-Starter-Seed/README.md

@@ -1,12 +1,17 @@
 # Auth0 + Python + Flask API Seed
-This is the seed project you need to use if you're going to create a Python + Flask API. If you just want to create a Regular Python WebApp, please check [this other seed project](https://github.com/auth0-samples/auth0-python-web-app/tree/master/00-Starter-Seed)
+This is the seed project you need to use if you're going to create a Python + Flask API.
+If you just want to create a Regular Python WebApp, please
+check [this other seed project](https://github.com/auth0-samples/auth0-python-web-app/tree/master/01-Login)
 
 # Running the example
 In order to run the example you need to have `python` and `pip` installed.
 
-You also need to set your Auth0 Domain and the API's audience as environment variables with the following names respectively: `AUTH0_DOMAIN` and `API_ID`, which is the audience of your API. You can find an example in the `env.example` file.
+You also need to set your Auth0 Domain and the API's audience as environment variables with the following names
+respectively: `AUTH0_DOMAIN` and `API_ID`, which is the audience of your API. You can find an example in the
+`env.example` file.
 
-For that, if you just create a file named `.env` in the directory and set the values like the following, the app will just work:
+For that, if you just create a file named `.env` in the directory and set the values like the following,
+the app will just work:
 
 ```bash
 # .env file
@@ -20,4 +25,31 @@ Once you've set those 2 enviroment variables:
 2. Start the server with `python server.py`
 3. Try calling [http://localhost:3001/ping](http://localhost:3001/ping)
 
-You can then try to do a GET to [http://localhost:3001/secured/ping](http://localhost:3001/secured/ping) which will throw an error if you don't send an access token signed with RS256 with the appropriate issuer and audience in the Authorization header. You can also try to  do a GET to [http://localhost:3001/secured/private/ping](http://localhost:3001/secured/private/ping) which will throw an error if you don't send an access token with the scope `read:agenda` signed with RS256 with the appropriate issuer and audience in the Authorization header.
+# Running the example with Docker
+
+In order to run the example you need to have `docker` installed.
+
+You also need to set your Auth0 Domain and the API's audience as environment variables with the following names
+respectively: `AUTH0_DOMAIN` and `API_ID`, which is the audience of your API. You can find an example in the
+`env.example` file.
+
+For that, if you just create a file named `.env` in the directory and set the values like the following,
+the app will just work:
+
+```bash
+# .env file
+AUTH0_DOMAIN=example.auth0.com
+API_ID=YOUR_API_AUDIENCE
+```
+
+Once you've set those 2 enviroment variables:
+
+1. Execute in command line `sh exec.sh` to run the Docker in Linux, or `.\exec.ps1` to run the Docker in Windows.
+2. Try calling [http://localhost:3001/ping](http://localhost:3001/ping)
+
+You can then try to do a GET to [http://localhost:3001/secured/ping](http://localhost:3001/secured/ping) which will
+throw an error if you don't send an access token signed with RS256 with the appropriate issuer and audience in the
+Authorization header. You can also try to  do a GET to 
+[http://localhost:3001/secured/private/ping](http://localhost:3001/secured/private/ping) which will throw an error if
+you don't send an access token with the scope `read:agenda` signed with RS256 with the appropriate issuer and audience
+in the Authorization header.

00-Starter-Seed/requirements.txt

@@ -2,3 +2,4 @@ flask
 python-dotenv
 python-jose
 flask-cors
+six

00-Starter-Seed/server.py

@@ -3,56 +3,65 @@
 
 from functools import wraps
 import json
-from os import environ as env, path
-import urllib
+from os import environ as env
+from six.moves.urllib.request import urlopen
 
-from dotenv import load_dotenv
+from dotenv import load_dotenv, find_dotenv
 from flask import Flask, request, jsonify, _app_ctx_stack
 from flask_cors import cross_origin
 from jose import jwt
 
-load_dotenv(path.join(path.dirname(__file__), ".env"))
-AUTH0_DOMAIN = env["AUTH0_DOMAIN"]
-API_AUDIENCE = env["API_ID"]
+ENV_FILE = find_dotenv()
+if ENV_FILE:
+    load_dotenv(ENV_FILE)
+AUTH0_DOMAIN = env.get("AUTH0_DOMAIN")
+API_AUDIENCE = env.get("API_ID")
 ALGORITHMS = ["RS256"]
 APP = Flask(__name__)
 
 
 # Format error response and append status code.
-def handle_error(error, status_code):
-    """Handles the errors
-    """
-    resp = jsonify(error)
-    resp.status_code = status_code
-    return resp
+class AuthError(Exception):
+    def __init__(self, error, status_code):
+        self.error = error
+        self.status_code = status_code
+
+
+@APP.errorhandler(AuthError)
+def handle_auth_error(ex):
+    response = jsonify(ex.error)
+    response.status_code = ex.status_code
+    return response
+
 
 def get_token_auth_header():
     """Obtains the access token from the Authorization Header
     """
     auth = request.headers.get("Authorization", None)
     if not auth:
-        return handle_error({"code": "authorization_header_missing",
+        raise AuthError({"code": "authorization_header_missing",
                              "description":
                                  "Authorization header is expected"}, 401)
 
     parts = auth.split()
 
     if parts[0].lower() != "bearer":
-        return handle_error({"code": "invalid_header",
+        raise AuthError({"code": "invalid_header",
                              "description":
                                  "Authorization header must start with"
                                  "Bearer"}, 401)
     elif len(parts) == 1:
-        return handle_error({"code": "invalid_header",
+        raise AuthError({"code": "invalid_header",
                              "description": "Token not found"}, 401)
     elif len(parts) > 2:
-        return handle_error({"code": "invalid_header",
+        raise AuthError({"code": "invalid_header",
                              "description": "Authorization header must be"
-                                            "Bearer token"}, 401)
+                                            " Bearer token"}, 401)
 
     token = parts[1]
     return token
 
+
 def requires_scope(required_scope):
     """Determines if the required scope is present in the access token
     Args:
@@ -66,22 +75,23 @@ def requires_scope(required_scope):
             return True
     return False
 
+
 def requires_auth(f):
     """Determines if the access token is valid
     """
     @wraps(f)
     def decorated(*args, **kwargs):
         token = get_token_auth_header()
-        jsonurl = urllib.urlopen("https://"+AUTH0_DOMAIN+"/.well-known/jwks.json")
+        jsonurl = urlopen("https://"+AUTH0_DOMAIN+"/.well-known/jwks.json")
         jwks = json.loads(jsonurl.read())
         try:
             unverified_header = jwt.get_unverified_header(token)
         except jwt.JWTError:
-            return handle_error({"code": "invalid_header",
+            raise AuthError({"code": "invalid_header",
                                  "description": "Invalid header. "
                                                 "Use an RS256 signed JWT Access Token"}, 401)
         if unverified_header["alg"] == "HS256":
-            return handle_error({"code": "invalid_header",
+            raise AuthError({"code": "invalid_header",
                                  "description": "Invalid header. "
                                                 "Use an RS256 signed JWT Access Token"}, 401)
         rsa_key = {}
@@ -104,23 +114,24 @@ def decorated(*args, **kwargs):
                     issuer="https://"+AUTH0_DOMAIN+"/"
                 )
             except jwt.ExpiredSignatureError:
-                return handle_error({"code": "token_expired",
+                raise AuthError({"code": "token_expired",
                                      "description": "token is expired"}, 401)
             except jwt.JWTClaimsError:
-                return handle_error({"code": "invalid_claims",
+                raise AuthError({"code": "invalid_claims",
                                      "description": "incorrect claims,"
                                                     " please check the audience and issuer"}, 401)
             except Exception:
-                return handle_error({"code": "invalid_header",
+                raise AuthError({"code": "invalid_header",
                                      "description": "Unable to parse authentication"
                                                     " token."}, 400)
 
             _app_ctx_stack.top.current_user = payload
             return f(*args, **kwargs)
-        return handle_error({"code": "invalid_header",
+        raise AuthError({"code": "invalid_header",
                              "description": "Unable to find appropriate key"}, 400)
     return decorated
 
+
 # Controllers API
 @APP.route("/ping")
 @cross_origin(headers=["Content-Type", "Authorization"])
@@ -139,6 +150,7 @@ def secured_ping():
     """
     return "All good. You only get this message if you're authenticated"
 
+
 @APP.route("/secured/private/ping")
 @cross_origin(headers=["Content-Type", "Authorization"])
 @cross_origin(headers=["Access-Control-Allow-Origin", "*"])